ADFS Event 168


Sometimes you may get ADFS Event 168 for one of your relying parties. This is linked to a little gem in the AD FS Management console: you have the ability to define, for each relying party, a metadata URL that AD FS monitors for changes, including the endpoint URLs and the certificates. In the example below, the error is shown in the Monitoring tab of the properties dialog box of the relying party having issues:

But contrary to popular belief, this URL is not monitored from the ADFS Proxy. It is the regular ADFS server that periodically, every 24 hours, checks the URL you have specified. Therefore all the usual connectivity issues apply to this check.

This means that if you need to go through a proxy to reach the Internet, you must set that proxy properly. The one that is used is the machine-wide proxy, set using the netsh winhttp proxy context. You can figure this out from warning event 168 logged in the ADFS admin log.

In that event, you’ll find the name of the relying party, the URL that cannot be retrieved and, under exception details, the reason why it fails: DNS issue, proxy issue, etc.

If you have already started your ADFS infrastructure and need to change the proxy, note that the proxy is read at service startup, so you may need to restart the “Active Directory Federation Services” service for your new settings to be taken into account. When the service starts up, ADFS event 397 is written to the log: “The federation server loaded the HTTP proxy configuration from the WinHTTP settings”.
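The steps above (read Event 168, list the monitored relying parties, check the WinHTTP proxy, restart the service and confirm Event 397) as a PowerShell triage script. This is an added example, not part of the original post; it assumes the ADFS PowerShell module is available, that the admin log is named 'AD FS/Admin' and that the service is named adfssrv.

```powershell
# Added example (not from the original post): triage ADFS Event 168 on the
# federation server itself, not on the ADFS proxy. Assumptions: Windows Server
# 2012 R2 or later, elevated prompt, log name 'AD FS/Admin', service 'adfssrv'.
$logName = 'AD FS/Admin'
$since   = (Get-Date).AddDays(-2)    # covers at least one 24-hour check cycle

# 1. Recent Event 168 warnings: the message holds the RP name, the metadata URL
#    and the exception details (DNS failure, proxy failure, ...).
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 168; StartTime = $since } `
                       -ErrorAction SilentlyContinue
$failedUrls = @()
foreach ($e in $events) {
    Write-Host "==== $($e.TimeCreated) ===="
    Write-Host $e.Message
    foreach ($m in [regex]::Matches($e.Message, 'https?://[^\s"<>]+')) {
        $failedUrls += $m.Value                 # URLs to re-test in step 4
    }
}
$failedUrls = $failedUrls | Sort-Object -Unique
if (-not $events) { Write-Host "No Event 168 in '$logName' since $since" }

# 2. Relying parties with metadata monitoring turned on, and their URLs.
Get-AdfsRelyingPartyTrust |
    Where-Object { $_.MonitoringEnabled } |
    Select-Object Name, MetadataUrl, AutoUpdateEnabled |
    Format-Table -AutoSize

# 3. The proxy ADFS really uses: the machine-wide WinHTTP setting, not the
#    per-user IE/WinINET one. "Direct access (no proxy server)" on a host
#    that needs a proxy explains the failures.
netsh winhttp show proxy

# 4. Raw reachability of each failing URL from this host. Invoke-WebRequest
#    uses the .NET/WinINET proxy, so success here with a wrong WinHTTP proxy
#    is still consistent with Event 168 being logged.
foreach ($u in $failedUrls) {
    try {
        $r = Invoke-WebRequest -Uri $u -UseBasicParsing -TimeoutSec 15
        Write-Host "$u -> HTTP $($r.StatusCode)"
    } catch {
        Write-Host "$u -> $($_.Exception.Message)"
    }
}

# 5. After fixing the proxy (placeholder host:port below), restart the service
#    so the new setting is read, then confirm Event 397 was logged.
#    netsh winhttp set proxy proxy-server="proxy.example.invalid:8080" bypass-list="<local>"
#    Restart-Service adfssrv
#    Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 397 } -MaxEvents 1 |
#        Format-List TimeCreated, Message
```

Steps 1 to 4 are read-only; step 5 is left commented out so the script can be run on a production federation server without changing anything.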